View Issue Details

IDProjectCategoryView StatusLast Update
0002512OXID eShop (all versions)4.02. Session handlingpublic2011-07-01 13:44
Status resolvedResolutionfixed 
Product Version4.4.6 revision 32697 
Target VersionFixed in Version4.5.1 revision 38045 
Summary0002512: Session-Loss
Descriptionwhen surfing WITHOUT cookies enabled in a oxid-shop, in which the dynamic content cache had been filled before by a user WITH cookies enabled, you loose your session.
Steps To Reproduce-open two browsers, A) with cookies disabled B) with cookies enabled

-use B) to open admin, active caching, delete cache

-use B) to surf around in frontend. Put something into your basket, open categories, article-details, etc

-now use A) to surf around in the frontend. Put something into your basket and you'll get a forced_sid, alright. Now keep surfing, open a category you visited with B) before, an article - and very soon you'll notice the session-loss.

--> problem seems to be, that cookie-surfers leave no SIDs in the cache (which is fine). If a cookieless-surfers uses the cache, the links in it still contain no SID. Clicking such a link looses the sid in the url and the session is lost.
You should make sure, that when you proccess the cache and isSidNeeded is true, you add a SID to every link, to only replace old sids.

TagsNo tags attached.
PHP Versionany
Database Versionany


related to 0002939 resolvedArunas usage without cookies impossible 
has duplicate 0002447 closedbirute_meilutyte Session loss with inactive cookies and active caching 



2011-07-01 13:44

reporter   ~0004805